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LOCAL AND REMOTE MONITORING USING A STANDARD WEB 

BROWSER 



Field of the invention 

The present invention relates to the area of local and remote monitoring and control, 
5 through use of a standard web browser and the Internet 

Background of the invention 

A communication node between data and a telecommunication networks is 
disclosed in PCT Patent Publication Number WO 94/24803 which describes a node that enables 
communication between users using different types of terminals, such as telephones and 
10 computers. 

PCT Patent Publication Number WO 98/19445 describes a service node between 
Internet networks and a telecommunications network that is used to order telephony services by 
means of HTML pages from a computer with a WWW browser. It also describes a method of 
calling a subscriber, in which the call is ordered by computer but the connection is set up 

15 between the telephones of a first and second subscriber. The service node communicates with 
computers connected to computer networks using the HTTP protocol. The node stores data 
related to a subscriber; said data can be used when the user requests a telephony service. 

A system for the control of devices within the home, using web browsers, is 
described in "Browser-style interfaces to a home automation network", IEEE Transactions on 

20 Consumer Electronics Volume 43 4, D. Corcoran, J. Desbonnet. 

The automation and security systems that may be installed in a user's premises 
are becoming more and more advanced. Users often have a common need to control and 
monitor such systems both locally and remotely. Typically these systems provide an on-site 
control panel offering input facilities and visual status display facilities, but generally must 

25 resort to non-visual monitoring and control mechanisms for remote operation. Remote operation 
is usually achieved by telephone through codes entered via a telephone handset. Some systems 
allow both local and remote operation using any combination of voice command input and 
voice feedback of status. Due to the complexity of the automation systems and the choices they 
afford users, such remote systems are cumbersome and limit the scope for interaction. In 

30 addition, the user must learn several alternate methods of control. 

Another problem with current systems is the absence of a monitoring and control 
method that provides a geographically independent standard interface that is universally 
accessible and not platform or hardware dependant. Corcoran describes the use of a web 
browser and the WWW for a standard interface, both local and remote, in "Browser-style 
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interfaces to a home automation network", IEEE Transactions on Consumer Electronics 
Volume 43 4,. However it is assumed in that paper that for remote monitoring and control, the 
site to be controlled is actively connected to the Internet at the time that remote operation is 
desired. In the case that the site is not actively connected to the Internet, a user may initiate a 
connection from their remote location to the desired site manually. However, this requires 
special knowledge and telecommunications access facilities on the part of the user and is not a 
suitable mechanism for those individuals who are not technically literate. 

Another problem with current systems, and with the system described by 
Corcoran, is that if the user is geographically remote to the user premises, then initiating a direct 
connection through the public telecommunication network is expensive, requiring a long 
distance or international call. 

Another problem with current systems relates to the handling of alarm and 
surveillance data. Current systems are based on CCTV and VCR technology. A problem 
associated with such systems is that surveillance data remains unprotected whilst retained at the 
site of an incursion. 

Another problem with current systems relates to the cost associated with the 
surveillance system. System costs for video surveillance may be prohibitive, as they are based 
on CCTV and VCR technology. In addition, steps must be taken to ensure that surveillance data 
remains protected if it must be retained at the site of an incursion. Methods employed to make 
such systems tamper-proof add to the total system cost. 

Another problem associated with current surveillance systems is that they may 
not differentiate alarm and non-alarm conditions, and continuously record activity. Such 
systems record in a loop fashion, eventually overwriting prerecorded material. 

Another problem with current systems is that they do not allow, except in the 
case of expensive systems, a remote user, or remote authorised security personnel, to interrogate 
a surveillance or automation system during an alarm condition. 

Another problem with existing systems is that they do not provide a facility for 
viewing surveillance material in relation to a user premises during non-alarm periods using 
standard platform independent and location independent mechanisms. 

Summary of the invention 

In accordance with a first aspect of the present invention, there is provided a 
home security and control system for monitoring and controlling an external environment such 
as a home environment comprising: an Internet browser connectable to an extranet; an extranet 
located external to the home environment and accessible via the Internet browser; a 
communications server located in the extranet and adapted to interconnect on demand with one 
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of a series of connection gateways located in predetermined home environments; and a 
connection gateway located in the home environment adapted to control and/or monitor the 
operation of at least one security device in the home environment; wherein upon accessing a 
predetermined address by the Internet browser, the communications server connects to a 
predetermined one of the connection gateways to control and/or monitor the operation of the 
security device. The extranet can ideally be implemented as an Virtual Private Network (VPN) 
across an Internet substrate. 

Preferably, when a customer connects to their home, their home effectively 
appears to them as a website, with all devices, security and otherwise, accessible for monitoring 
or control. 

In accordance with a further aspect of the present invention, there is provided a 
home security system for monitoring a home environment comprising: an extranet located 
external to the home environment; storage means forming part of the extranet; at least one 
communications server located in the extranet and adapted to interconnect on demand with one 
of a series of connection gateways located in predetermined home environments; a connection 
gateway located in the home environment adapted to control and/or monitor the operation of at 
least one security device in the home environment; and a security device activating a security 
condition upon the occurrence of a predetermined event; wherein, upon the occurrence of the 
predetermined event, the security device notifies the connection gateway and transfers event 
information on the predetermined event to the connection gateway and the connection gateway 
establishes an interconnection with the communications server and transfers the event 
information via the communications server to the storage means for later interrogation by a user 
of the home security system. 

Ideally, the storage means operates virtually in that it is allocated dynamically o 
a server in accordance with usage demands. 

Ideally, the communication server utilises a telecommunications network to 
interconnect with the connection gateway. The security device preferably can include or 
respond to alert conditions which are preferably forwarded to the connection gateway, wherein 
it can be qualified with a pre-programmed enable, and if the result can be TRUE, an alarm event 
can be generated, whereupon the connection gateway establishes a connection with one of the 
communications servers, and surveillance data related to the alarm event can be uploaded to the 
extranet for secure storage accessible upon interrogation by a user. In a further refinement, the 
enables can be across zones or device types so as to simultaneously arm multiple security 
devices. 

In one example, the extranet forms part of the Internet and the communications 
server can be located within the local telephone call radius of the home environment, thus 
providing lowest cost PSTN access from or to the home environment. Other types of access 
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may be provided (e.g. ADSL or ISDN interconnection). 

In a further preferred modification, photos of authorised occupants of the home 
environment are preferably accessible from the extranet and are accessed upon an alarm event 
and cross referenced with surveillance data to ascertain whether a true alarm condition has been 
5 raised. The accessibility to surveillance data can be controlled by the user. 

The system preferably requires user authentication to access the extranet by 
users, with the authentication being provided only once per Internet browser session. The 
system uses web page technology and can be implemented in, for example, the following 
manner: a) directly in HTML, b) directly in XML, c) XML parsed through style sheet to format 

10 supported by users browser (HTML, WAP, VRML ), d) scripting languages (e.g. Java). The 

accessible URL provided for each user of the home security system provides details of the 
current status of the home environment of the user. The Internet browser can be utilised in 
conjunction with an Internet access device which can include a smart card reader and associated 
user smart card which provides authentication details and a URL corresponding to the home 

15 environment. The smart card also ideally facilitates global access to the Internet for access of 
the extranet, and optionally additionally tracks connections for expensing. The Internet access 
device can be a computer, WebPhone, Portable digital assistant, or mobile phone or any other 
device with web browsing capability. 

In one embodiment, the smart card can include an on-board bio-sensor. Hence 

20 the smart card consists of a data receptacle and substrate, with the substrate including a bio- 
sensor on the surface. An embedded controller reads biosensor and processes input data using a 
stored identification algorithm. The substrate can also include an embedded communication 
means and means of accepting power for operation, either through direct electrical connection 
or magnetic/rf coupling. The authentication data can be bound to an individuals "fingerprint" 

25 during a registration process. Through utilizing an on-board biosensor, sensor devices are not 
required everywhere, only on the one card. 

The extranet can be extended to other uses including providing a user premises e- 
mail facility and other facilities, for example downloading of standard news data etc. The 
connection gateway can further incorporate a user programmed answer strategy, including 

30 delayed answer, and optionally detection of a voice connection and recording compressed 
message, thus operating in answering machine mode. After accepting the transmitted voice, fax, 
or data, upon completion of inbound call the connection gateway, can raise a connection to a 
communications server, and send an indication to the user of the home security system of the 
receipt of a recorded data. The connection gateway can further send a recorded compressed 

35 voice messages to a communications server for storage on the extranet for forwarding to a user 
of the home environment. The connection gateway also provides an indication of messages 
received on a HTML page accessible by a user of the home environment. In one embodiment, 
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the connection gateway acts as a hub and Internet connection mechanism for connected devices 
including the security devices located in the home environment. That is, the gateway acts as a 
router, so if a URL is entered which is external to home it automatically raises the connection to 
Internet. 

The connection gateway is ideally in a tamper proof enclosure and can operate 
without mains power such that, upon tampering, the connection gateway triggers an alarm and 
relays the alarm to the extranet. 

The system can also include a control terminal interconnected to the connection 
gateway, the control terminal comprising a wall mounted flat panel display incorporating a 
touch screen and running web browser. The control terminal can use wireless protocols such as 
TCP/IP running over wireless standards such as Bluetooth. The control terminal can be 
equipped with biosensor such as a fingerprint sensor, for access authentication of a local user in 
the home environment to the connection gateway. Alternatively, other forms of secure 
authentication can be provided. The control terminal can be connected to the connection 
gateway in a wireless manner and can be powered by rechargeable batteries, allowing the 
control terminal mobility within the range of wireless transmitters attached to the user premises 
network. Ideally, the control terminal can be of reduced handheld size, so that can operate as 
universal premises remote control. 

Ideally, the control terminal integrates a digital camera, microphone and speaker, 
and H323 protocol software, thus allowing the control terminal to be used as a videophone, 
through a standard browser interface. Alternatively, the control terminal can be provided by a 
personal computer (PC) equipped with a user premises network connection, wherein the PC 
runs a browser accessing a URL corresponding to the connection gateway. Alternatively, the 
control terminal can be provided by set top box connected to TV and running a web browser. 
The control terminal can be equipped with a smartcard reader for e-commerce transactions over 
the extranet. 

At least one of the security devices can comprise a digital security camera 
embodying image capture and compression method and an interconnection to the connection 
gateway running a protocol such as the H323 protocol standard. The camera could alternatively 
take JPEG stills, motion JPEG, or digital video. The camera preferably can include motion 
detection and image significance algorithms which run in the camera, and filter input so that 
only detected motion input can be compressed and sent through the connection gateway to the 
extranet. 

The connection gateway can be programmable to allow different response 
mechanisms to differing classes of alert event. Preferably, the connection gateway contains 
connection details for preferred and secondary communication servers on the extranet, so that if 
a first communication server does not respond, other communication servers may be contacted 
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until successful connection can be achieved. The extranet preferably can include a user contact 
database which preferably can include preferred contact methods, allowing automatic contact 
mechanisms to be associated with alarm condition, including use of e-mail, pager, computer 
generated voice message through telephone, requesting response or if timeout, security action. 
5 The user data storage on the extranet for storing event data associated with the 

home environment can be allocated virtually and allocated redundantly, ensuring integrity of 
stored surveillance data. 

The security devices preferably can include an external access mechanism to the 
user premises. Also one of the security devices can be equipped with reader for an RF tag that 
10 can be used for user authentication or equipped with a smartcard reader that can be used for user 
authentication. 

Preferably, the connection gateway provides support for standards such as the 
HomePnP standard for CEBus networks, OSGI, Bluetooth, the HAVi standard for consumer 
appliance control etc. 

15 In one example access mechanism, the smartcard preferably can include a 

biosensor bonded to the substrate of the smart card, and circuit embedded in smartcard to 
authenticate user before the smartcard will operate. 

In accordance with a further aspect of the present invention, there is provided a system 
for providing information access across at least two networks, the system comprising a first 

20 network having a first network access controller; a second network having a second network 
access controller; and a user access browser located on the first network for locating and 
examining information on the first and second networks by means of network address locators; 
wherein when a predetermined location on the network is accessed, the first network access 
controller initiates the establishment of a network connection to the second network access 

25 controller so as to provide for the temporary interconnection of the first network to the second 
network, the system thereby providing a seamless access to information stored on the second 
network from the user access browser. 

Brief description of the drawings 

30 Preferred embodiments of the present invention will now be described with reference to the 
accompanying drawings in which: 

Fig. 1 illustrates the arrangement of the preferred embodiment; 
Fig. 2 illustrates the software modules of a gateway; 

Fig. 3 illustrates a gateway attached to a series of appliance via different 

35 networks; 

Fig. 4 illustrates a gateway attached to a series of appliances; 

Fig. 5 illustrates schematically the structure of a first camera system; and 
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Fig. 6 illustrates schematically the structure of a second camera system; 
Description of Preferred and other the Embodiments 

The preferred embodiments provide a method of remote control that provides the user visual 
monitoring and control information. The preferred embodiment also provides a visual interface 
for both remote and local monitoring and control. The preferred embodiment simplifies the use, 
for a user, of automation and security services in relation to their designated premises. It also 
simplifies monitoring of the user's premises by an authorised security service. It achieves this 
simplification of use by providing an integrated facility for monitoring and control, alarm 
detection and transmission, and alarm servicing, that is accessible both locally and remotely 
through a standard web browser via secure user-specific HTML pages. Of course other 
protocols such as WAP, VRML or XML can also be utilised. 

Turning now to Fig. 1, there is illustrated the arrangement of the preferred 
embodiment which includes the following components: 

-An Internet access device 15, which may include, but is not limited to, a 
computer, a mobile phone with display, a Web Phone, or a Personal Digital Assistant, capable 
of connection to the World Wide Web (WWW) through a client web browser supporting the 
HyperText Transfer Protocol (HTTP). 

-A web browser interface which runs on the Internet access device 15 and that 
allows the user to access, through queries over the WWW, HTML pages from HTTP servers 
corresponding to associated URLs. 

-An active Internet connection that connects the Internet access device 15 to the 

Internet 16. 

-A virtual private network (VPN) 17, termed here the "provider network", which 
is connected to the Internet and which embodies a collection of Internet-accessible resources 
that implement part of the integrated monitoring and control, alarm transmission and servicing 
functions of the invention. This network 17, whilst accessible from the Internet, forms an 
Extranet. 

An extranet is a private network that uses the Internet protocols and the public 
telecommunication system to securely share part of a business's information or operations with 
suppliers, vendors, partners, customers, or v other businesses. An extranet can be viewed as part 
of a company's intranet that is extended to users outside the company. An extranet requires 
security and privacy. These require firewall server management, the issuance and use of digital 
certificates or similar means of user authentication, encryption of messages, and the use of 
virtual private networks ( VPNs) that tunnel through the public network. 

A virtual private network (VPN) is a private data network that makes use of the 
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public telecommunication infrastructure* maintaining privacy through the use of a tunnelling 
protocol and security procedures. A virtual private network can be contrasted with a system of 
owned or leased lines that can only be used by one company. The idea of the VPN is to give the 
company the same capabilities at much lower cost by sharing the public infrastructure. Using a 
5 virtual private network involves encrypting data before sending it through the public network 
and decrypting it at the receiving end. An additional level of security involves encrypting not 
only the data but also the originating and receiving network addresses. 

The resources associated with the provider VPN 17 network include: 

-An authentication system or database 18 containing access information in 
10 relation to authorised users. 

-A user connection system or database 14 containing connection parameters in 
relation to the user premises. 

-A login facility 19 to initiate a secure connection for authorised users of Internet 
access devices 15. User specific HTML (or other standard) pages which are stored on logon 
15 facility server 19 and are linked to private areas, and possibly public areas. 

-A service node 20 which uses the user connection parameters to direct a 
communications server 21 to establish a connection through either a private or public 
telecommunications network to a gateway 22 at the user premises. 

-A communications server 21. 
20 -A telecommunications network 24. 

-A user premises gateway 22 including a web server running on the user 
premises gateway 22. 

-A home network 26 attached to the gateway 22, which may include sub nets of 
differing physical implementation. 
25 -Appliances 27 attached to the home network which may be monitored and 

controlled by gateway 27 and include specific intrusion detection devices which may instigate 
alarms. 

-A surveillance device 28 in the form of a digital security camera or other form 
of intrusion detection such as motion detection etc. 
30 -A control terminal 29. 

The following situations for operation of the preferred embodiment are identified: 

1. The user is in a remote location with respect to their premises and wishes to 
monitor and control, or retrieve recorded data associated with, their premises; 

2. The user is local to their premises and wishes to monitor and control their 

35 premises; 

3. An alarm condition is reported to the monitoring network, and surveillance 

data recorded. 
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1. REMOTE OPERATION 

The user premises network 26 is normally in an unconnected state in relation to 
the provider network 17. Specific actions on the part of the remote user, or their authorised 
5 agents, connect the user premises network to the provider network, thus allowing monitoring 
and control operations to proceed. 

Each user registered with the provider network has login data and premises 
connection data stored respectively in user login and user connection systems or databases 18 
located within the provider network. In addition, private Web pages are provided for each user, 
10 allowing access to URLs dedicated to either of two resource classes. One resource class is 
dedicated to stored surveillance data, whilst the other resource class is dedicated to active 
connection to the user premises for monitoring and control. 

A remote user, who desires to monitor or control their premises, uses a web 
browser on an Internet access device 15 to view the private HTML pages that are dedicated to 
15 monitoring and control of the user premises by entering a URL associated with the HTML page 
they wish to access. 

Before the remote user may view the particular HTML pages that are associated 
with the monitoring and control of the user premises, they must first identify themselves to the 
provider network via a login procedure associated with the HTML pages in question. Once the 

20 user's identification details, constituting a user name and password are authenticated, the user is 
permitted access to the HTML page requested. 

Once the user authentication process is complete, the records associated with the 
user, detailing connection parameters for the user premises, are retrieved from a database 18 in 
the provider network. The process of accessing the URL dedicated to the monitoring and 

25 control of the user premises initiates a sequence of events that culminate in connection of the 
user premises network 26 to the provider network 17. A service node 20 within the provider 
network intercepts the access to the URL dedicated to the monitoring and control of the user 
premises, and uses the premises connection data associated with the user to instruct a 
communications server 21 to initiate a connection to the gateway 22 at the user premises 

30 The communications server 21 at the service node interprets the user connection 

parameters and initiates a connection phase across the telecommunications facility to connect 
with the gateway 22 at the customer premises. The telecommunications facility 24 includes any 
system that allows end to end communication, including but not limited to the PSTN, PLMN, 
ISDN and RF communication. 

35 Preferably, a gateway 22 at the user premises has a dedicated port to the 

telecommunications network. However, it is possible for the gateway to share the port to the 
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telecommunications network, in which case the user may connect to the gateway using a 
number of different response mechanisms, including a delayed answer mechanism. 

The gateway answers the incoming call and completes the connection. The 
gateway and the connection server negotiate connection parameters and establish a network 
5 connection between the user premises network and the provider network. A web server on the 
gateway then accepts HTTP protocol through the connection. The service node 20 forwards the 
URL that was previously intercepted and that corresponds to a resource contained within the 
customer premises network to the gateway. 

Turning now to Fig. 2 there is illustrated the components running on the gateway 
10 computer 22 in more detail. The computer includes a HTTP server 30 which runs as an 
application. The gateway web server 30 then serves information in relation to user premises 
appliances through appropriate Web pages to the user. The gateway web server communicates 
with a Services Module 31, which allows the control and monitoring actions to be performed, 
and issues requests to the Services Module 31 to fulfil the user requests. The requests are 
15 relayed through the protocol stack 34 attached to the operating system resident in the gateway 
to the target appliances attached to the network. Data is sent or received from the device in 
response to the requests. In the case of control actions, the device performs the action, whilst in 
the case of monitoring actions, the device returns the requested data. 

As illustrated in Fig. 3, the gateway can be interconnected to a series of 

20 appliances 40 over a number of different networks 41, 42, 43. Fig. 5 illustrates one form of 
hardwired interconnection with a series of appliances 27. 

User access master node website 

1. From web browser, user initiates connection to login facility http server 19 via its domain 
name server (DNS) address. 

25 2. DNS address is translated to associated IP address of login facility 19 by a DNS server. 

3. HTTP connection request is sent to IP address of login facility 19. 

4. HTTP request is received by login facility 19 HTTP server and ACK is replied 

5. Page request is sent to HTTP service node 20. 

6. HTTP service node 20 determines availability of requested document 
30 7. HTTP service node 20 responds with response code. 

8. HTTP transaction occurs 
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User logs in 

1 . User access login page at login facility 19. 

2. User is prompted for authentication details 

3. User supplies authentication details 

4. HTTP login facility 19 receives authentication details (potentially via SSL 40 bit secure 
connection) 

5. HTTP login facility 19 decodes details and consults authentication database 18. 

6. Database 18 verifies user authentication and notifies login facility. 

7. If successful, user profile/identifier is pulled from database 18. 

8. Two concurrent processes are initiated on service node 20 (PI to keep the user informed, the 
P2 to establish the connection via communications server 2 1 to the monitored premises 

9. PI Personalised web page is dynamically constructed and sent to user's browser requesting 
wait 

10. P2 Connection profile is used to initiate request to gateway 22 by either of 3 possible 
scenarios 

Scenario 1: Service Node 20, login facility 19 and Connection Establishment 
server 21 are co-resident at same network node 

1. A response request is sent to an interface on the connection server 21 which initiates 
connection (dialup) to remote host 22. 

2. Connection is established using connection profile for automatic authentication at remote 
side. 

3. Remote web server gateway is queried for active HTTP services 

4. If successful user HTTP connection is redirected to remote HTTP service on gateway 22. 

5. If non-successful the user is notified and alert raised to monitoring personnel monitoring 
extranet 17. 

Scenario 2: Service Node 20 and Connection establishment service 21 are at 
separate nodes, connection is identified by static addressing 
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1. A response request is sent to communications server 21 which also holds subnet routing 
entry for static IP address. 

2. Response is delivered to communications server 21 via intermediate gateways using 
appropriate routing protocol 

5 3. Request for response is delivered to appropriate interface on communications server 21, 
which may initiate remote connection via entries within gateway configuration tables 

4. Wait state is established until positive response from gateway 22 bound with specified IP 
address 

5. Response (either positive or negative) is received from communications server 2 1 . 
10 6. Response is relayed to login facility 18. 

7. If successful user HTTP connection is redirected to remote HTTP service on gateway 22. 

8. If non-successful user is notified and alert raised to monitoring personnel 

Scenario 3: Service Node 20 and Connection establishment Server 21 are at 
separate nodes, and connection must establish identity via dynamically 
15 assigned addressing 

Case 1: Dynamic assignment is achieved by reconfiguration of end point router interface 
configuration tables service node 20. 

1. A control channel is established to the end-point gateway 22 as specified in the connection 

profile 

20 2. The end point gateway 22 is programmed with the IP address specified in the connection 
profile (the IP address may be obtained dynamically by the service node 20 server from any 
dynamic host configuration service), and with the connection details required to establish 
physical connection via OSI level 1 network. 

3. Request for response is sent to IP address specified in connection profile of device e.g. 27- 
25 29 via end point gateway 22. 

4. Request for response is delivered to appropriately reconfigured interface. 

5. Response (either positive or negative) is received from interface of device 27-29. 

6. Response is relayed to Gateway 22. 
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7. If successful user HTTP connection is redirected to remote HTTP service on gateway 22. 

8. If non-successful user is notified and alert raised to monitoring personnel 

Case 2 : Dynamic assignment is achieved by request for IP address assignment from 
dynamic host configuration service (local to end-point router) initiated by endpoint router 
based on connection parameter (from the connection profile) encapsulated in the request 
packet received from the server node 20. 

1. Service Node 20 encapsulates connection parameters from connection profile in request 
packet which is sent to communications server 21. 

2. Communications server 21 detects request packet received from service node 20. 

3. Communications server 21 detects queries DHC server with connection parameters. 

4. DHC server dynamically assigns IP address for connection profile to endpoint gateway 

5. Endpoint router reconfigures interface using connection parameters and IP address 

6. Request for response is delivered to appropriately reconfigured interface. 

7. Response (either positive or negative) is received from interface. 

8. Response is relayed to Gateway Web/Auth Service 

9. If successful user HTTP connection is redirected to remote HTTP service 

10. If non-successful user is notified and alert raised to monitoring personnel 

For all dynamic IP address assignment methods, the allocated IP address is relayed to the home 
gateway once the interface is successfully raised (There are several methods. For instance, PPP 
can be used to negotiate the IP address to be assigned to the Home Gateway). Immediately that 
the interface with the assigned IP address on the Home Gateway is raised a watchdog process 
will bind an instance of the HTTP service to the raised interface for service of request coming 
through to that interface. 

2. LOCAL OPERATION 

A local user can monitor and control devices and appliances in the user premises through a 
control terminal incorporating a display and an input mechanism and running a web browser. 
The control terminal can be implemented as a wall mounted display unit 45, a set top box and 
TV 46, or a PC 45, which runs a web browser. The user accesses HTML pages on the gateway 
22 which provide monitoring and control services for devices located within the user premises 
that are attached to the premises network. 
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The gateway web server serves information through HTML pages to the user. 
The gateway web server communicates with a Services Module, which allows the control and 
monitoring actions to be performed, and issues requests to the Services Module to fulfil the user 
requests. The requests are relayed through the protocol stack attached to the operating system 
5 resident in the gateway to the target appliances attached to the network. Data is sent or received 
from the device is response to the requests. In the case of control actions, the device performs 
the action, whilst in the case of monitoring actions, the device returns the requested data. The 
gateway can also acts as a router, so if non-local address is detected, gateway can raise 
connection so that non-local IP address can be accessed across Internet. 

10 

3. ALARM OPERATION 

Devices, such as sensors 49, attached to the user premises network may generate alert 
conditions, in response to a condition detected by a device sensor or to a particular device state. 
A special case identified is an alert condition generated by an intrusion detection or surveillance 
15 device. 

A digital security camera 28 is provided and, as shown in more detail in Fig. 5, 
incorporates an imaging device 50 for capturing an image, preprocessing unit 51, memory store 
52, compression unit 53, network interface 54 and CPU 55. The digital security camera is 
connected to the user premises network gateway through a physical or wireless network. The 

20 gateway 22 and the camera system 28 communicate through a common protocol. The imaging 
device 5 1 within the digital security camera continuously records image data, which is then read 
from the imaging device, through the pre-processing circuit 51, and written to memory store 52. 
A compressor 53 reads image data from memory and produces a compressed version of the 
image data. The CPU 55 may optionally analyse the raw image using motion detection and 

25 image significance algorithms programmed into the CPU. If the security system is armed, and a 
significant event is detected, an alert condition is generated and compressed images and other 
information are transmitted through the network interface 54, across the user premises network, 
to the gateway 22. 

In another embodiment of the security camera, as shown in Fig. 6, the 
30 functionality of the gateway is incorporated directly into the camera and a telecommunications 
interface 57 is provided for direct connection with the communications server. 

Returning to Fig. 1, generally, once an alert condition is detected by a sensor or 
other device attached to the user premises network, information regarding the alert condition is 
transmitted via the user premises network 26 to the gateway 22. Software on the gateway 
35 interprets the information in relation to the alert condition, and may qualify the alert condition 
with user pre-programmed qualifiers stored in a database on the gateway 22. An alarm 
condition is generated if the logical AND of the alert condition and corresponding qualifier is 
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TRUE. In response to an alarm condition, the gateway 22 uses pre-programmed connection 
parameters to initiate a connection through the telecommunications network 24 to a preferred 
communications server 21 on the provider network 17. The communications server answers the 
call and completes the connection. If there is a fault and a successful connection to the 
5 communications server can not be raised, the gateway may retrieve from a local database 
further connection details for alternative communication servers on the provider network. Once 
a successful connection exists between the gateway and a communication server on the provider 
network, the gateway and the communication server negotiate connection parameters and 
establish a connection between the user premises network 26 and the provider network. This 

10 process identifies the user premises network, and hence the associated user, to the provider 
network 17. Information in relation to the alarm condition is transmitted from the user premises 
network 26 to the provider network 17. Software running on the provider network processes 
the alarm condition, and transmits an alarm state to a monitoring console. In addition, pre- 
programmed alarm actions in relation to the user are retrieved from a user database 18 on the 

15 provider network, and all actions identified are automatically performed. These may include 
automatic notification of the alarm condition to the user through mechanisms such as, but not 
limited to: e-mail, pager, and telephone. In addition, all data associated with the alarm condition 
transmitted from the user premises network to the provider network is stored in a secure 
repository within the provider network. User pre-programmed qualifiers may gate access to this 

20 recorded surveillance data by authorised monitoring personnel. The data is accessible to the 
user in their private storage area, and may be viewed from their web browser. 

Further modifications and applications are possible. For example, the connection 
gateways could form nodes of a distributed computing environment that may be allocated by 
the extranet on a demand basis to facilitiate supercomputer type calculations. 

25 It would be appreciated by a person skilled in the art that numerous variations and/or 

modifications may be made to the present invention as shown in the preferred embodiment 

without departing from the spirit or scope of the invention as broadly described. The preferred 

embodiment is, therefore, to be considered in all respects to be illustrative and not restrictive. 
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Claims 

1 . A home security system for monitoring a home environment comprising: 
an Internet browser connectable to an extranet; 

an extranet located external to said home environment and accessible via said 
Internet browser; 

a communications server located in said extranet and adapted to interconnect on 
demand with one of a series of connection gateways located in predetermined home 
environments; and 

a connection gateway located in said home environment adapted to control 
and/or monitor the operation of at least one security device in said home environment; 

wherein upon accessing a predetermined address by said Internet browser on said 
extranet, said communications server connects to a predetermined one of said connection 
gateways to control and/or monitor the operation of said security device. 

2. A home security system for monitoring a home environment comprising: 
an extranet located external to said home environment; 

storage means forming part of said extranet; 

at least one communications server located in said extranet and adapted to 
interconnect on demand with one of a series of connection gateways located in predetermined 
home environments; 

a connection gateway located in said home environment adapted to control 
and/or monitor the operation of at least one security device in said home environment; and 

a security device activating a security condition upon the occurrence of a 
predetermined event; 

wherein, upon the occurrence of said predetermined event, said security device 
notifies said connection gateway and transfers event information on said predetermined event to 
said connection gateway and said connection gateway establishes an interconnection with said 
communications server and transfers said event information via said communications server to 
said storage means for later interrogation by a user of said home security system. 

3. A system as claimed in any previous claim wherein said communication 
server utilises a telecommunications network to interconnect with said connection gateway. 

4. A system as claimed in claim 2 wherein said security device includes 
alert conditions which are forwarded to said connection gateway, wherein it is qualified with a 
pre-programmed enable, and if the result is TRUE, an alarm event is generated, whereupon said 
connection gateway establishes a connection with one of said communications servers, and 
surveillance data related to said alarm event is uploaded to said extranet for secure storage 
accessible upon interrogation by a user. 

5. A system as claimed in claim 1 or claim 2, wherein said extranet forms 
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part of the Internet and said communications server is located within the local telephone call 
radius of the home environment, thus providing lowest cost PSTN access from or to the home 
environment. 

6. A system as claimed in claim 2, wherein photos of authorised occupants 
5 of said home environment are accessible from said extranet and are accessed upon an alarm 

event and cross referenced with surveillance data to ascertain whether a true alarm condition has 
been raised 

7. A system as claimed in claim 1, wherein authentication to access said 
extranet is required only once per Internet browser session. 

10 8. A system as claimed in any previous claim, wherein publicly accessible 

HTML pages are additionally provided for each user of said home security system providing 
details of the current status of the home environment of said user. 

9. A system as claimed in any previous claim wherein said extranet provides 
a user premises e-mail facility, and automatically raises connection in a pre-programmed 

15 fashion to said connection gateway and transfers user e-mail to said connection gateway 

10. A system as claimed in any previous claim wherein said the Internet 
browser is utilised in conjunction with an Internet access device which includes a smart card 
reader and associated user smart card which provides authentication details and URL 
corresponding to said home environment. 

20 1 1. A system as claimed in claim 10, wherein said smart card also facilitates 

global access to the Internet for access of said extranet, and optionally additionally tracks 
connections for expensing. 

12. A system as claimed in any previous claim wherein the Internet access 
device is a computer, WebPhone, Portable digital assistant, or mobile phone with web browsing 

25 capability. 

13. A system as claimed in any previous claim wherein the connection 
gateway incorporates a user programmed answer strategy, including delayed answer, and 
optionally detects a voice connection and record compressed version, thus operating in 
answering machine mode. 

30 14. A system as claimed in claim 13 wherein upon answering the incoming 

call, the connection gateway raise a connection to a communications server, and sends an 
indication to the user of said home security system of the receipt of a recorded message. 

15. A system as claimed in claim 14 wherein said connection gateway sends 
a recorded compressed voice messages to a communications server for storage on said extranet 

35 for forwarding to a user of said home environment. 

16. A system as claimed in claim 14, wherein the connection gateway 
provides indication of messages received on a HTML page accessible by a user of said home 
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environment. 

17. A system as claimed in any previous claim, wherein the connection 
gateway detects a fax and stores the fax. 

18. A system as claimed in any previous claim, wherein the connection 
5 gateway is in a tamper proof enclosure, and operates without mains power. 

19. A system as claimed in any previous claim wherein the connection 
gateway is tamper proof, and triggers an alarm and relay alarm to the provider network in case 
of attempted tampering. 

20. A system as claimed in any previous claim, wherein the connection 
10 gateway acts as a hub and Internet connection mechanism for connected devices including said 

security devices located in said home environment. 

21. A system as claimed in any previous claim further comprising a control 
terminal interconnected to said connection gateway, said control terminal comprising a wall 
mounted flat panel display incorporating a touch screen and running web browser. 

15 22. A system as claimed in claim 21 wherein the control terminal is equipped 

with biosensor, for access authentication of a local user in said home environment to said 
connection gateway. 

23. A system as claimed in claim 22 wherein the biosensor comprises a 
fingerprint sensor. 

20 24. A system as claimed in claim 21 wherein the control terminal is 

connected to said connection gateway in a wireless manner. 

25. A system as claimed in claim 21 wherein the control terminal is powered 
by rechargeable batteries, allowing the control terminal mobility within the range of wireless 
transmitters attached to the user premises network. 
25 26. A system as claimed in claim 21 wherein control terminal is of reduced 

handheld size, so that can operate as universal premises remote control. 

27. A system as claimed in claim 21 wherein the control terminal integrates a 
digital camera, microphone and speaker, and H.323 protocol software, thus allowing the control 
terminal to be used as a videophone, through a standard browser interface. 
30 28. A system as claimed in claim 21 wherein a control terminal is provided 

by a personal computer (PC) equipped with a user premises network connection, wherein said 
PC runs a browser accessing a URL corresponding to said connection gateway. 

29. A system as claimed in claim 21 wherein said control terminal is 
provided by set top box connected to TV and running a web browser. 
35 30. A system as claimed in claim 21, wherein said control terminal is 

equipped with a smartcard reader for e-commerce transactions over said extranet. 

31. A system as claimed in any previous claim wherein at least one of said 
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security devices comprises a digital security camera embodying image capture and 
compression method and an interconnection to said connection gateway. 

32. A system as claimed in any previous claim wherein at least one of said 
security devices comprises a digital security camera embodying image capture and 

5 compression methods and an Internet connection. 

33. A system as claimed in any previous claim 31 or claim 32 wherein said 
camera includes motion detection and image significance algorithms which run in said camera, 
and filter input so that only detected motion input is compressed and sent through said 
connection gateway to said extranet. 

10 34. A system as claimed in any previous claim wherein said connection 

gateway is programmable to allow different response mechanisms to differing classes of alert 
event. 

35. A system as claimed in any previous claim wherein said connection 
gateway contains connection details for preferred and secondary communication servers on said 

1 5 extranet, so that if a first communication server does not respond, other communication servers 
may be contacted until successful connection is achieved. 

36. A system as claimed in any previous claim wherein user data storage on 
said extranet for storing event data associated with said home environment is allocated virtually. 

37. A system as claimed in any previous claim wherein said user data storage 
20 on said extranet is allocated redundantly, ensuring integrity of stored surveillance data. 

38. A system as claimed in any previous claim wherein said extranet includes 
a user contact database which includes preferred contact methods, allowing automatic contact 
mechanisms to be associated with alarm condition, including use of e-mail, pager, computer 
generated voice message through telephone, requesting response or if timeout, security action. 

25 39. A system as claimed in any previous claim, wherein at least one of said 

security devices includes an external access mechanism to said user premises. 

40. A system as claimed in any previous claim, wherein at least one of said 
security devices is equipped with reader for an RF tag that is used for user authentication. 

41. A system as claimed in any previous claim, wherein at least one of said 
30 security devices is equipped with a smartcard reader that is used for user authentication. 

42. A system as claimed in any previous claim, wherein said connection 
gateway provides support for the HomePnP, Bluetooth, HomeRF, Hiperlan or HAVi standard 
for network communication and appliance control. 

43. A system as claimed in claim 42, wherein the smartcard includes a 
35 biosensor, to the substrate of the smart card, and circuit embedded in smartcard to authenticate 

user before the smartcard will operate. 

44. A system as claimed in any previous claim wherein said connection 
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gateways form nodes of a distributed computing environment that may be allocated by said 
extranet on a demand basis. 

45. A system for providing information access across at least two networks, the system 
comprising: 

5 a first network having a first network access controller; 

a second network having a second network access controller; 

a user access browser located on said first network for locating and examining 
information on said first and second networks by means of network address locators; 

wherein when a predetermined location on said network is accessed, said first network 
10 access controller initiates the establishment of a network connection to said second network 
access controller so as to provide for the temporary interconnection of said first network to said 
second network, said system thereby providing a seamless access to information stored on said 
second network from said user access browser. 

46. A system as claimed in claim 44 wherein said network address locators comprise 
15 Universal Resource Locators. 
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